// ---------------------------------------------------------------------------- // // MyNewsGroups :) HIGHLY MODIFIED // Password recall utility // // ---------------------------------------------------------------------------- // //------------------------------------------------------------------// // pass.php // // Created: 7-18-2006 // Last Modified: 04-11-2007 // Author:D.A. // // Description: User forgot the password. Big deal, send it to them! // // //------------------------------------------------------------------// session_start(); include("config.php"); $db=new My_db; $db->connect(); // MyNG setting up... init(); // Set up the language modules_get_language(); // Templates $t = new Template($_SESSION['conf_system_root']."/themes/".$_SESSION['conf_vis_theme']."/templates/"); $admin_host = str_replace("www.", "", $_SERVER['SERVER_NAME']); $form .= '
Please insert the code you have received in the e-mail into the form below.
'; // Check if the user pushed 'register!' if(isset($_POST['email']) || isset($_POST['id_user'])){ // SANITIZE QUERY if(isset($_POST['id_user']) && $_POST['id_user'] != '' ) { $id_user = sanitize_input($_POST['id_user']); //echo "checking user: $id_user"; $query = "SELECT usr_passwd,usr_email FROM myng_user WHERE usr_name = '" . $id_user."';"; $db->query($query); if($db->num_rows() != 0) { $db->next_record(); $password = $db->Record['usr_password']; $email = $db->Record['usr_email']; if(mail_reset_code($email,$id_user)) { $system_info = "A password reset confirmation request has been sent!"; $message = 'You are almost done! Please check your e-mail inbox for the password reset confirmation request that we sent to the email address you have provided. Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $message .= $form; $user_found=1; } else { $system_info = "Error sending the password reset confirmation message!"; $message = 'Error sending the password reset confirmation message! Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $user_found=1; } } else { if(isset($_POST['email']) && $_POST['email'] != '') { $email = sanitize_input($_POST['email']); //echo "checking e-mail: $email"; $query = "SELECT usr_passwd,usr_name FROM myng_user WHERE usr_email = '" . $email."';"; $db->query($query); if($db->num_rows() != 0) { $db->next_record(); $password = $db->Record['usr_password']; $id_user = $db->Record['usr_name']; // INSERT PASSWORD RANDOMIZING CODE HERE if(mail_reset_code($email,$id_user)) { $system_info = "A password reset confirmation request has been sent!"; $message = 'You are almost done! Please check your e-mail inbox for the password reset confirmation request that we sent to the e-mail address you have provided. Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $message .= $form; $user_found=1; } else { $system_info = "Error sending the password reset message!"; $message = 'Error sending the password reset message ! Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $user_found=1; } } else { //echo "e-mail $email not found"; } } } } if ($user_found==0) { $system_info = "Error: no such user or e-mail"; echo "Mailer Error: " . $mail->ErrorInfo; return false; exit; } else { return true; } } function genpassword($length){ srand((double)microtime()*1000000); $vowels = array("a", "e", "i", "o", "u"); $cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl"); $num_vowels = count($vowels); $num_cons = count($cons); for($i = 0; $i < $length; $i++){ $password .= $cons[rand(0, $num_cons - 1)] . $vowels[rand(0, $num_vowels - 1)]; } return substr($password, 0, $length); } ?>